尝试使用 kerberos winrm 连接到 Windows winRM

Question

所以我在几个不同的变体下对此进行了测试。我有一个安装了 Windows 2008 R2 服务器和 RHEL6 和 Python2.6 的实验室。我可以使用 ansible 作为远程访问 Windows 服务器并执行 ping 的方法（我已按照有关如何执行此操作的所有说明进行操作）。 我遇到了无法使用 Rhel 7 和 python2.7 执行此操作的问题，但是我不确定 python 版本的差异是否阻止了我。

我经常收到这个 hostname_override 错误...

[alebede@linuxbox]$ klist -a
Ticket cache: FILE:/tmp/krb5cc_37575
Default principal: Admin_alebede@mydomain.bla

Valid starting       Expires              Service principal
02/10/2017 11:30:32  02/10/2017 21:30:32  krbtgt/mydmain.bla@mydomain.bla
    renew until 02/10/2017 21:30:32
    Addresses: (none)
[alebede@linuxbox]$ python
Python 2.7.5 (default, Oct 11 2015, 17:47:16) 
[GCC 4.8.3 20140911 (Red Hat 4.8.3-9)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
    >>> import winrm
    >>> s = winrm.Session('WINDOWSBOX', auth=('admin_alebede@mydomain.bla',         'mypassword'), transport='kerberos')
    >>> r = s.run_cmd('ipconfig', ['/all'])
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
      File "/usr/lib/python2.7/site-packages/winrm/__init__.py", line 37, in run_cmd
    shell_id = self.protocol.open_shell()
  File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 132, in open_shell
    res = self.send_message(xmltodict.unparse(req))
  File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 207, in send_message
    return self.transport.send_message(message)
  File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 173, in send_message
    self.session = self.build_session()
  File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 140, in build_session
    sanitize_mutual_error_response=False)
TypeError: __init__() got an unexpected keyword argument 'hostname_override'

用ansible它看起来像这样，同样的hostname_override错误：

mywinserver.mydomain.com> WINRM CONNECT: transport=ssl endpoint=https://mywinserver.mydomain.com:5986/wsman
    <mywinserver.mydomain.com> WINRM CONNECTION ERROR: the specified credentials were rejected by the server
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ansible/plugins/connection/winrm.py", line 154, in _winrm_connect
    self.shell_id = protocol.open_shell(codepage=65001)  # UTF-8
  File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 132, in open_shell
    res = self.send_message(xmltodict.unparse(req))
  File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 207, in send_message
    return self.transport.send_message(message)
  File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 190, in send_message
    raise InvalidCredentialsError("the specified credentials were rejected by the server")
InvalidCredentialsError: the specified credentials were rejected by the server

mywinserver.mydomain.com | UNREACHABLE! => {
    "changed": false, 
    "msg": "kerberos: __init__() got an unexpected keyword argument 'hostname_override', ssl: the specified credentials were rejected by the server", 
    "unreachable": true
}

让我知道我还能尝试什么，同样在 Windows 2008R2 服务器上，我可以看到 linux 机器正在尝试在安全事件日志中连接。不知道还有什么事情发生。同样，这在 RHEL6 中适用于 2 个不同的 windows 2008R2 服务器。

Answer 1

winrm 和 requests-kerberos 之间的版本可能不匹配。当我通过 pip 安装 winrm 并通过 apt 安装 requests-kerberos 时，我遇到了同样的问题。

确认您对所有安装都使用单个包管理器。